Researchers Find Security Flaws in Intel Processor Hyper-Threading Technology

Intel AMT Security BranchScope

Researchers at the system and network security department at Vrije Universiteit in Amsterdam said they found another serious flaw in Intel processors. Unlike Specter and Meltdown, it does not rely on speculative execution but uses the company’s Hyper-Threading technology. However, Intel will not release any patches. According to The Register, the new side-channel vulnerability in this hyper-threaded CPU is called TLBleed because it uses the processor’s translation lookaside buffer (TLB), which is a cache that holds the address from the virtual memory. The mapping to the physical memory address.

TLBleed Security Vulnerabilities:

The vulnerability mainly uses the problem of the processor-converted backup buffer, which is mainly used to save the mapping from virtual memory to physical memory addresses.

When Hyper-Threading Technology is enabled, each core can execute multiple threads at the same time, and these threads share core resources including content buffers and lookaside buffers.

When two applications are running in the same kernel, one of the threads can monitor the other thread by checking its processor-specific resources.

Researchers have tested and found that the i7-6700K can extract the encryption key from the running program through the above method and its success rate is as high as 99.8%.

 

There is no evidence that this vulnerability has been exploited by hackers:

An attacker who wants to exploit this vulnerability needs to install malicious software on the operating system or has already obtained administrator rights to perform the operation.

Therefore, for most users, this vulnerability will not cause much impact. After all, if the malware has already been installed, the system is no longer safe.

However, this does not mean that the vulnerability can be ignored directly. For example, after OpenBSD confirmed the vulnerabilities last week, Hyper-Threading Technology was disabled on Intel processors.

However, Intel have no plan to repair:

The researchers stated that Intel Corp. showed indifference to the vulnerability and the company did not even request the CVE number from the Internet Emergency Response Center.

At the same time, it is not prepared to issue vulnerabilities to researchers who have discovered the vulnerability, so now it is not clear what Intel is thinking.

At the same time, Intel did not issue a public statement to explain this matter, so the follow-up content still needs Intel’s own statement to clarify.